We would like the ability to ingest data from the Sophos Central Cases API as part of the current Sophos Central Inspector. We would like the ability to receive an alert when a high or critical case is created so we can investigate further.

the Sophos Central API would be updated to add support for the Cases API functionality. The more info that the Inspector could pull down, the better. There is ability to pull case information on individual cases that include things like Detections and MITRE tactics. Here is info from Sophos on the API https://developer.sophos.com/docs/cases-v1/1/overview